From: glsamaker@gentoo.org
To: gentoo-announce@lists.gentoo.org
Reply-To: security@gentoo.org
Date: Sat, 04 May 2024 09:28:35 -0000
Subject: [gentoo-announce] [ GLSA 202405-09 ] MediaInfo, MediaInfoLib: Multiple Vulnerabilities
Message-ID: <171481491607.8.10967450474081968079@987c7955d8b1>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202405-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: MediaInfo, MediaInfoLib: Multiple Vulnerabilities
     Date: May 04, 2024
     Bugs: #778992, #836564, #875374, #917612
       ID: 202405-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib,
the worst of which could allow user-assisted remote code execution.

Background
==========

MediaInfo supplies technical and tag information about media files.
MediaInfoLib contains MediaInfo libraries.

Affected packages
=================

Package                  Vulnerable    Unaffected
-----------------------  ------------  ------------
media-libs/libmediainfo  < 23.10       >= 23.10
media-video/mediainfo    < 23.10       >= 23.10

Description
===========

Multiple vulnerabilities have been discovered in MediaInfo and
MediaInfoLib. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MediaInfo users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/mediainfo-23.10"

All MediaInfoLib users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libmediainfo-23.10"

References
==========

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5